Main Vulnerability Database Vulnerabilities #VU13405

#VU13405 Resource exhaustion in Cisco TelePresence Video Communication Server - CVE-2018-0358

Published: June 20, 2018 / Updated: June 21, 2018

Vulnerability identifier: #VU13405

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0358

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco TelePresence Video Communication Server

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the file descriptor handling of Cisco TelePresence Video Communication Server due to exhaustion of file descriptors while processing a high volume of traffic. A remote attacker can establish a high number of concurrent TCP connections, trigger resource exhaustion and cause a restart in a specific process, resulting in a temporary interruption of service.

Remediation

Install update from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-vcse-dos

#VU13405 Resource exhaustion in Cisco TelePresence Video Communication Server - CVE-2018-0358

Description

Remediation

External links

Please verify you're human